The method of claim wherein deploying the network monitors includes placing a 
plurality of service monitors among multiple domains of the enterprise network. 

jX. The method of claim Iff wherein receiving and integrating is performed by a domain 
monitor with respect to a plurality of service monitors within the domain monitor's associated 
network domain. 

72. The method of claim p9, wherein deploying the network monitors includes deploying a 
plurality of domain monitors within the enterprise network, each domain monitor being 
associated with a corresponding domain of the enterprise network. 



The method of claim ^ wherein receiving and integrating is performed by an enterprise 
monitor with respect to a plurality of domain monitors within the enterprise network. 



?4. The method of claim £0, wherein integrating comprises correlating intrusion reports 
reflecting underlying commonalities. 



7$. The method of claim 0, wherein integrating further comprises invoking countermeasures 
to a suspected attack. 



To. The method of claim 0, wherein the plurality of network monitors include an API for 
encapsulation of monitor functions and integration of third-party tools. 

J/. The method of claim 0, wherein the enterprise network is a TCP/IP network. 



78. The method of claim wherein the network monitors are deployed at one or more of 
the following facilities of the enterprise network: {gateways, routers, proxy servers}. 



The method of claim wherein the plurality of domain monitors within the enterprise 
network establish peer-to-peer relationships with one another. 



jK). An enterprise network monitoring system comprising: 

a plurality of network monitors deployed within an enterprise network, said plurality of 
network monitors detecting suspicious network activity based on analysis of network traffic data 
selected from the following categories: {network packet data transfer commands, network packet 
data transfer errors, network packet data volume, network connection requests, network 
connection denials, error codes included in a network packet}; 

said network monitors generating reports of said suspicious activity; and 
one or more hierarchical monitors in the enterprise network, the hierarchical monitors 
adapted to automatically receive and integrate the reports of suspicious activity. 



m. The system of claim $6, wherein the plurality of network monitors includes a plurality of 
service monitors among multiple domains of the enterprise network. 

The system of claim ffi wherein a domain monitor associated with the plurality of 
service monitors within the domain monitor's associated network domain is adapted to 
automatically receive and integrate the reports of suspicious activity. 

0. The system of claim JflT, wherein the plurality of network monitors include a plurality of 
domain monitors within the enterprise network, each domain monitor being associated with a 
corresponding domain of the enterprise network. 

84. The system of claim £3, wherein an enterprise monitor associated with a plurality of 
domain monitors is adapted to automatically receive and integrate the reports of suspicious 
activity. 



86. The system of claim $ff 9 wherein the integration comprises correlating intrusion reports 
reflecting underlying commonalities. 



The system of claim §0, wherein the integration further comprises invoking 
countermeasures to a suspected attack. 

$?f. The system of claim J30, wherein the plurality of network monitors include an application 
programming interface (API) for encapsulation of monitor functions and integration of third- 
party tools. 

j&. The system of claim ffi wherein the enterprise network is a TCP/IP network. 



§9. The system of claim wherein the network monitors are deployed at one or more of the 
following facilities of the enterprise network: {gateways, routers, proxy servers}. 



9J8. The system of claim §2, wherein the plurality of domain monitors within the enterprise 
network interface as a plurality of peer-to-peer relationships with one another. 



In the Abstract: 

Please delete the abstract and add: 

A computer-automated method of hierarchical event monitoring and analysis within an 
enterprise network including deploying network monitors in the enterprise network, detecting, by 
the network monitors, suspicious network activity based on analysis of network traffic data 
selected from the following categories: {network packet data transfer commands, network packet 
data transfer errors, network packet data volume, network connection requests, network 
connection denials, error codes included in a network packet}, generating, by the monitors, 
reports of the suspicious activity, and automatically receiving and integrating the reports of 
suspicious activity, by one or more hierarchical monitors. 